Tech Support Forum - View Single Post

tetonbob · 10-12-2007, 07:21 PM

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

It seems your version of SmitfraudFix is not the latest. Let's see if we can use the update feature to get the latest version files.

Double-click smitfraudfix.exe to start the tool.
Select option #4 - Check for Updates by typing 4 and press "Enter"

Follow the prompts and make sure your firewall allows access to the internet.

Once Update is Complete, Select "Q" to quit SmitfraudFix.

If it does not update, do not fret. Simply continue with these next instructions.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll
O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrvqt.dll
O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - C:\WINDOWS\netadv.dll
O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll
O21 - SSODL: msvb - {D90C5DD9-C6D7-4553-9D70-C5D71A70B473} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {D9E5EA86-C7CC-486E-9C50-EDF11F814B9E} - C:\WINDOWS\sysdx.dll
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

Close HijackThis now.

---------------------------------------------------------------------------------------------

Delete these files:

C:\WINDOWS\bndsrsvk.dll
C:\WINDOWS\bndsrvqt.dll

Double-click on SmitfraudFix.exe to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot into Normal Windows.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

---------------------------------------------------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:

"Security Info"
"Warning Message"
"Security Desktop"
"Warning Homepage"
"Desktop Uninstall" "Privacy Danger" or something similar

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

---------------------------------------------------------------------------------------------

Double-click on SmitfraudFix.exe to start the tool.
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Then post the following logs in your next reply...

C:\rapport.txt (log from the tool)
Hijackthis log

10-12-2007, 07:21 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,178 OS: 2000 Pro; XP Pro; XP Home	Re: Ultimate Cleaner/Defender problems_2 Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- It seems your version of SmitfraudFix is not the latest. Let's see if we can use the update feature to get the latest version files. Double-click smitfraudfix.exe to start the tool. Select option #4 - Check for Updates by typing 4 and press "Enter" Follow the prompts and make sure your firewall allows access to the internet. Once Update is Complete, Select "Q" to quit SmitfraudFix. If it does not update, do not fret. Simply continue with these next instructions. Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked O2 - BHO: MSVPS System - {05F79890-CFA6-4D53-87BC-2F390DA6645E} - C:\WINDOWS\bndsrsvk.dll O2 - BHO: MSVPS System - {3ADCBC16-19FA-4C59-9C22-E17C71B5FD7A} - C:\WINDOWS\bndsrvqt.dll O3 - Toolbar: The netadv - {ABF529BE-6245-465A-BBD4-238C4EAB0F0A} - C:\WINDOWS\netadv.dll O3 - Toolbar: The netadv - {899B0EF2-E0BE-41BA-BB41-0ABFB232813C} - C:\WINDOWS\netadv.dll O21 - SSODL: msvb - {D90C5DD9-C6D7-4553-9D70-C5D71A70B473} - C:\WINDOWS\msvb.dll O21 - SSODL: sysdx - {D9E5EA86-C7CC-486E-9C50-EDF11F814B9E} - C:\WINDOWS\sysdx.dll O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm Close HijackThis now. --------------------------------------------------------------------------------------------- Delete these files: C:\WINDOWS\bndsrsvk.dll C:\WINDOWS\bndsrvqt.dll Double-click on SmitfraudFix.exe to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot into Normal Windows. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: (C:\rapport.txt) or partition where your operating system is installed. Please post that log along with all others requested in your next reply. --------------------------------------------------------------------------------------------- Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: "Security Info" "Warning Message" "Security Desktop" "Warning Homepage" "Desktop Uninstall" "Privacy Danger" or something similar Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. --------------------------------------------------------------------------------------------- Double-click on SmitfraudFix.exe to start the tool. Select option #3 - Delete Trusted zone by typing 3 and press Enter Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter. Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection. --------------------------------------------------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- Then post the following logs in your next reply... C:\rapport.txt (log from the tool) Hijackthis log __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009